[61068] in North American Network Operators' Group


Cisco filter question

daemon@ATHENA.MIT.EDU (Geo.)
Fri Aug 22 12:20:34 2003

From: "Geo." <georger@getinfo.net>
To: <nanog@merit.edu>
Date: Fri, 22 Aug 2003 12:17:11 -0400
In-Reply-To: <Pine.LNX.4.44.0308212153170.31407-100000@MrServer>
Errors-To: owner-nanog-outgoing@merit.edu


Perhaps one of you router experts can answer this question. When using the Cisco specified filter

    access-list 199 permit icmp any any echo
    access-list 199 permit icmp any any echo-reply

    route-map nachi-worm permit 10
      ! --- match ICMP echo requests and replies (type 0 & 8)
      match ip address 199

      ! --- match 92 bytes sized packets
      match length 92 92

      ! --- drop the packet
      set interface Null0


    interface <incoming-interface>
      ! --- it is recommended to disable unreachables
      no ip unreachables

      ! --- if not using CEF, enabling ip route-cache flow is recommended
      ip route-cache policy

      ! --- apply Policy Based Routing to the interface
      ip policy route-map nachi-worm

why would it not stop this packet?

15 1203.125000 0003E3956600 AMERIC6625D4 ICMP Echo: From 216.144.20.69 To 216.144.00.27 216.144.20.69 216.144.0.27 IP
FRAME: Base frame properties
    FRAME: Time of capture = 8/22/2003 11:54:16.859
    FRAME: Time delta from previous physical frame: 0 microseconds
    FRAME: Frame number: 15
    FRAME: Total frame length: 106 bytes
    FRAME: Capture frame length: 106 bytes
    FRAME: Frame data: Number of data bytes remaining = 106 (0x006A)
ETHERNET: ETYPE = 0x0800 : Protocol = IP:  DOD Internet Protocol
    ETHERNET: Destination address : 00C0B76625D4
        ETHERNET: .......0 = Individual address
        ETHERNET: ......0. = Universally administered address
    ETHERNET: Source address : 0003E3956600
        ETHERNET: .......0 = No routing information present
        ETHERNET: ......0. = Universally administered address
    ETHERNET: Frame Length : 106 (0x006A)
    ETHERNET: Ethernet Type : 0x0800 (IP:  DOD Internet Protocol)
    ETHERNET: Ethernet Data: Number of data bytes remaining = 92 (0x005C)
IP: ID = 0x848; Proto = ICMP; Len: 92
    IP: Version = 4 (0x4)
    IP: Header Length = 20 (0x14)
    IP: Precedence = Routine
    IP: Type of Service = Normal Service
    IP: Total Length = 92 (0x5C)
    IP: Identification = 2120 (0x848)
    IP: Flags Summary = 0 (0x0)
        IP: .......0 = Last fragment in datagram
        IP: ......0. = May fragment datagram if necessary
    IP: Fragment Offset = 0 (0x0) bytes
    IP: Time to Live = 124 (0x7C)
    IP: Protocol = ICMP - Internet Control Message
    IP: Checksum = 0x70D8
    IP: Source Address = 216.144.20.69
    IP: Destination Address = 216.144.0.27
    IP: Data: Number of data bytes remaining = 72 (0x0048)
ICMP: Echo: From 216.144.20.69 To 216.144.00.27
    ICMP: Packet Type = Echo
    ICMP: Echo Code = 0 (0x0)
    ICMP: Checksum = 0x82AA
    ICMP: Identifier = 512 (0x200)
    ICMP: Sequence Number = 7680 (0x1E00)
    ICMP: Data: Number of data bytes remaining = 64 (0x0040)
00000:  00 C0 B7 66 25 D4 00 03 E3 95 66 00 08 00 45 00   .À·f%Ô..ã•f...E.
00010:  00 5C 08 48 00 00 7C 01 70 D8 D8 90 14 45 D8 90   .\.H..|.pØØ..EØ.
00020:  00 1B 08 00 82 AA 02 00 1E 00 AA AA AA AA AA AA   ....‚ª....ªªªªªª
00030:  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA   ªªªªªªªªªªªªªªªª
00040:  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA   ªªªªªªªªªªªªªªªª
00050:  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA   ªªªªªªªªªªªªªªªª
00060:  AA AA AA AA AA AA AA AA AA AA                     ªªªªªªªªªª
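
Added example, not part of the original post: a Python check that rebuilds frame 15 from the hex dump above and tests it against the two match clauses of the route-map as written. It assumes `match length` compares the IP (Layer 3) total length; the function names are hypothetical.

```python
import struct

# Frame 15 from the capture above: the 42 header bytes as shown in the
# hex dump, followed by the 64 payload bytes of 0xAA (106 bytes total).
FRAME = bytes.fromhex(
    "00C0B76625D4" "0003E3956600" "0800"                  # Ethernet II
    "4500005C08480000" "7C0170D8" "D8901445" "D890001B"   # IPv4 header
    "080082AA02001E00"                                    # ICMP echo header
) + b"\xaa" * 64

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; 0 means the header is intact."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse(frame: bytes) -> dict:
    """Decode the fields the filter looks at from an Ethernet II / IPv4 frame."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    return {
        "frame_len": len(frame),              # Layer 2 length seen by the sniffer
        "ip_len": total_len,                  # Layer 3 length from the IP header
        "proto": ip[9],
        "hdr_ok": ip_checksum(ip[:ihl]) == 0,
        "icmp_type": ip[ihl],
        "payload": ip[ihl + 8:total_len],     # data after the 8-byte ICMP header
    }

def matches_route_map(pkt: dict, lo: int = 92, hi: int = 92) -> bool:
    """ACL 199 (ICMP echo or echo-reply) AND 'match length 92 92'.
    Assumption: the length clause is compared against the IP total length."""
    acl_199 = pkt["proto"] == 1 and pkt["icmp_type"] in (8, 0)
    return acl_199 and lo <= pkt["ip_len"] <= hi

if __name__ == "__main__":
    pkt = parse(FRAME)
    print(pkt["frame_len"], pkt["ip_len"], pkt["icmp_type"], matches_route_map(pkt))
```

The frame is 106 bytes on the wire but its IP total length is 92, so under the stated assumption it satisfies both clauses of the route-map.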

